1. Field of the Invention
The present invention relates to a password management system.
2. Description of the Related Art
Conventionally, in a system that requires a user to input a password for log-in, a mechanism as follows is known. In the mechanism, a past password that was previously set by the user but not currently used anymore is also stored. Then, when setting a new password, the user is warned or rejected if the user inputs a password that is the same as the past password as the new password (Patent Document 1, for example).
Here, in order to securely store passwords at a system side, each of the passwords may not be stored as clear text of an original password character string itself, but rather, may be stored as an encrypted password character string, which uniquely identifies the original password character string, obtained by encrypting the original password character string using a one-way function such as a hash function or the like. At this time, a method is known in which a random value called “salt”, for example, a fixed value or the like is added to the original password character string, and then the value is encrypted using the one-way function. When this method is used, under circumstances that the calculated results obtained by using the one-way function are sufficiently random and it is ensured that collision of the calculated results does not occur for actual inputs, it is possible to verify a password of a user by performing the same calculation, and also it is almost impossible to obtain (reconstitute) the original password character string from the calculated result. Thus, even if the stored encrypted password character strings are leaked, it is almost impossible to obtain the original password character string.
However, even when an encrypted password character string is stored as a password and it is almost impossible to reconstitute an original password character string from the encrypted password character string at the that time, as described above, there may be a case that it becomes possible to reconstitute (infer) the original password character string from the encrypted password character string due to an improvement of calculation speed of computers or the like.
For example, recently, a rainbow attack of estimating an original password character string using a rainbow table is known. The rainbow table is a list of calculated results obtained by previously encrypting a plurality of arbitrary character strings using one-way function. When such an attack is performed, if the stored encrypted password character string is leaked, the original password character string may be inferred.
Even when an effective encrypted password character string is leaked from a system and an original password character string is inferred from the encrypted password character string, unauthorized access to the system can be prevented by taking a measure such as invalidating the encrypted password character string at the system from which the encrypted password character string is leaked. Further, as the technique of Patent Document 1 described above, even when past passwords of the user are stored in the system and the past passwords are leaked as well, unauthorized access to the system can be prevented because the past passwords are not effective in the system anymore.
However, recently, users register their passwords at a plurality of systems or sites. In such cases, many of the users register the same passwords or the passwords similar to each other at the plurality of systems or sites. Further, for example, a password that has been previously used at a system is sometimes still used as an effective password at another system. In such a case, if an encrypted password character string that was previously registered at a system is leaked and an original password character string is inferred, unauthorized access to another system may be performed using the inferred password character string.